Zero Day MonitorZDM

← Back to list

8.8

CVE-2025-14174KEVEXPLOITEDPATCHED

google · chrome

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severi

Description

Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 143.0.7499.110 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

Affected Products

Vendor	Product	Versions
google	chrome	< 143.0.7499.110, < 143.0.7499.109, <= 143.0.7499.40, < 26.2, < 18.7.3, < 26.2, < 18.7.3, < 26.2, < 26.2, < 26.2, < 26.2, < 26.2, < 143.0.3650.80

Also Affects

Downstream vendors/products affected by this vulnerability

Vendor	Product	Source	Confidence
apple	visionos	cve_cpe	95%
apple	safari	cve_cpe	95%
apple	watchos	cve_cpe	95%
apple	tvos	cve_cpe	95%
apple	iphone_os	cve_cpe	95%

References

https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html(Release Notes)
https://issues.chromium.org/issues/466192044(Permissions Required)
https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security(Third Party Advisory)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-14174(Third Party Advisory)

Related News (2 articles)

Tier D

BleepingComputer5h ago

Apple expands iOS 18 updates to more iPhones to block DarkSword attacks

→ No new info (linked only)

Tier E

Lobsters Security7d ago

The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors

→ No new info (linked only)

CVSS 3.18.8 HIGH

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA KEV✅ Yes

Actively exploited✅ Yes

Patch available

143.0.7499.110143.0.7499.10926.218.7.3143.0.3650.80

CWECWE-787, CWE-119

PublishedDec 12, 2025

Last enriched7h ago

Trending Score105🔥

Source articles2

Independent2

Info Completeness11/14

Missing: epss, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-5281EXPKEV

CVE-2026-5281: Use after free in Dawn in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the render

HIGHCVE-2026-3909EXPKEV

Out of bounds write in Skia in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)

HIGHCVE-2026-3910EXPKEV

Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Hi

HIGHCVE-2026-2441EXPKEV

Use after free in CSS in Google Chrome prior to 145.0.7632.75 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

HIGHCVE-2026-4442EXP

Heap buffer overflow in CSS in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

Pin to Dashboard

Verification

State: verified

Confidence: 100%

Vulnerability Timeline

CVE Published

Dec 12, 2025

Added to CISA KEV

Dec 12, 2025

Actively Exploited

Dec 15, 2025

Exploit Available

Dec 15, 2025

Patch Available

Dec 15, 2025

Discovered by ZDM

Apr 1, 2026